On 14/08/10 13:49, happyhacker wrote:
> Well I sort of think I've got it right. Please comment on the following
> points:
>
> 1. I have created an internal domain name of "audor.org"; the system has
> registered this as "remote.audor.org".
> 2. Our external domain name is www.acdorchester.org.
> 3. I now need to purchase a domain name of www.audor.org and point the A
> record to the fixed IP address ISP has given. This will allow external
> access for management and roaming staff.
>
> Please comment and advise on any changes necessary. I am not sure if I
> really need to purchase another one?
>
>
The Microsoft recommended configuration for SBS is to use an internal
domain name that is guaranteed not to be legal on the Internet (e.g.
domain.local or domain.lan), to avoid complication in DNS serving.
Practical experience backs up this recommendation: you don't want the
SBS DNS server to be visible from the Internet, and you don't want to
try to maintain two sets of DNS entries for a single domain. The
hostname used for your SBS does not need to bear any relationship to
anything else, and is never visible outside the network.

Any Internet domain(s) can be used for email. Any Internet domain name
can be used for remote access by adding a new hostname, such as in your
case remote.acdorchester.org. You need to create or request a DNS A
record held at your domain host which links the new remote hostname to
your public IP address. You can create a new domain for this purpose,
but it isn't necessary, and as I said, it's strongly recommended that
you don't use any such name for the internal domain.

If you wish to send and receive email directly via SMTP (recommended)
you will need further public DNS entries. One is the MX record, held by
your email domain host (presumably for the acdorchester.org domain)
which must be set to the name of an A record which points to the IP
address. The MX should not be set to the IP address directly; some mail
servers will work with this setup but many will not. The relevant RFC
explicitly states that the MX record must point to a hostname.

The MX record is necessary to receive mail. To send email directly, you
will also need a PTR (reverse DNS) record for your IP address (therefore
held by your ISP) which points to an A record which points back to the
IP address. So in this case your PTR would read
'remote.acdorchester.org' and the A record 'remote.acdorchester.org'
would point back at the IP address. Unless your IP address is on an
email blacklist, this combination should allow email to be delivered to
pretty much all of the world's servers. The PTR-A pair do not have to
match your MX record in any way, though it does no harm if they do and
it's usually convenient. My PTR-A pair are based on a subdomain of my
ISP, and my email domains are almost completely unrelated to this.
--
Joe
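
The record layout described in the reply above can be checked mechanically. The following is an added example, not part of the original message: it validates a set of public DNS records against the MX, A and PTR rules given there. The function names, the record dictionary and the address 203.0.113.10 (a documentation address standing in for the real public IP) are all constructed for illustration.

```python
import ipaddress

# Constructed sample records; 203.0.113.10 is a placeholder for the fixed public IP.
RECORDS = {
    "A": {"remote.acdorchester.org": "203.0.113.10"},
    "MX": {"acdorchester.org": "remote.acdorchester.org"},
    "PTR": {"203.0.113.10": "remote.acdorchester.org"},
}

def is_ip_literal(value):
    """True if the value parses as an IPv4/IPv6 address rather than a hostname."""
    try:
        ipaddress.ip_address(value.rstrip("."))
        return True
    except ValueError:
        return False

def norm(name):
    """DNS names compare case-insensitively and may carry a trailing dot."""
    return name.rstrip(".").lower()

def check_mail_dns(records, mail_domain, public_ip):
    """Return a list of problems; an empty list means the layout is consistent."""
    problems = []
    a = {norm(k): v for k, v in records.get("A", {}).items()}
    # Inbound: the MX must name a host, and that host needs an A record to the IP.
    mx = records.get("MX", {}).get(mail_domain)
    if mx is None:
        problems.append("no MX record for the mail domain")
    elif is_ip_literal(mx):
        problems.append("MX is an IP address; it must name a host with an A record")
    elif a.get(norm(mx)) != public_ip:
        problems.append("MX host has no A record pointing at the public IP")
    # Outbound: the PTR for the IP must name a host whose A record points back.
    ptr = records.get("PTR", {}).get(public_ip)
    if ptr is None:
        problems.append("no PTR record for the public IP")
    elif a.get(norm(ptr)) != public_ip:
        problems.append("PTR name does not resolve back to the public IP")
    return problems

if __name__ == "__main__":
    print(check_mail_dns(RECORDS, "acdorchester.org", "203.0.113.10") or "consistent")
```

The PTR name is checked only against the A records, not against the MX, so a PTR-A pair under an unrelated domain passes as long as it forward-confirms.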